1 | .TH NEWSYSLOG.CONF 5 "December 1, 1995" "MIT Athena" |
---|
2 | .SH NAME |
---|
3 | newsyslog.conf \- configuration files for newsyslog |
---|
4 | .SH DESCRIPTION |
---|
5 | When starting up, |
---|
6 | .IR newsyslog |
---|
7 | reads in a configuration file to determine what actions should be |
---|
8 | taken. By default, the configuation is read from |
---|
9 | .IR /etc/athena/newsyslog.conf . |
---|
10 | Each line of this file may either describe a particular log file that |
---|
11 | should be handled by |
---|
12 | .IR newsyslog , |
---|
13 | or define additional information related to processing of the log |
---|
14 | files. Blank lines and lines starting with a ``#'' are ignored. |
---|
15 | .SS Log file description lines |
---|
16 | Each log file description line has five mandatory fields and two |
---|
17 | optional fields describing the log file to handle, with a whitespace |
---|
18 | separating each field. The fields are as follows: |
---|
19 | .br |
---|
20 | logfile name |
---|
21 | .br |
---|
22 | owner.group of archives (optional) |
---|
23 | .br |
---|
24 | mode of logfile & archives |
---|
25 | .br |
---|
26 | number of archives |
---|
27 | .br |
---|
28 | size of archives |
---|
29 | .br |
---|
30 | number of hours |
---|
31 | .br |
---|
32 | flags (optional) |
---|
33 | .PP |
---|
34 | The |
---|
35 | .I logfile name |
---|
36 | entry is the name of the system log file to be archived. |
---|
37 | .PP |
---|
38 | The optional |
---|
39 | .I owner.group |
---|
40 | entry specifies an ownership and group for the archive file. |
---|
41 | The ``.'' is essential, even if the |
---|
42 | .I owner |
---|
43 | or |
---|
44 | .I group |
---|
45 | field is left blank. The |
---|
46 | fields may be numeric, or a name which is looked up in |
---|
47 | .I /etc/passwd |
---|
48 | or |
---|
49 | .IR /etc/group . |
---|
50 | .PP |
---|
51 | The |
---|
52 | .I number of archives |
---|
53 | entry specifies the number of archives to be kept besides the log file |
---|
54 | itself. |
---|
55 | .PP |
---|
56 | When the size of the logfile reaches |
---|
57 | .I size of |
---|
58 | .IR archives , |
---|
59 | the logfile becomes trimmed as described above. The size may be any |
---|
60 | integer greater than zero and less than 2147483648, in kilobytes. |
---|
61 | It may also be ``*'', meaning that the logfile will not be trimmed |
---|
62 | unless the |
---|
63 | .I number of hours |
---|
64 | criterion is met (see below). |
---|
65 | .PP |
---|
66 | The |
---|
67 | .I number of hours |
---|
68 | entry specifies the time separation between the trimming of the log |
---|
69 | file. The number may be any integer greater than zero and less than |
---|
70 | 2147483648. It may also be ``*'', meaning that the logfile will not |
---|
71 | be trimmed unless the |
---|
72 | .I size of archives |
---|
73 | criterion is met (see above). |
---|
74 | .PP |
---|
75 | The |
---|
76 | .I flags |
---|
77 | field specifies any special processing done to the archived log files: |
---|
78 | .br |
---|
79 | .TP |
---|
80 | .B B |
---|
81 | means that the file is a binary file, and so the ascii message which |
---|
82 | .I newsyslog |
---|
83 | normally inserts to indicate the fact that the logs have been turned |
---|
84 | over should not be included. |
---|
85 | .TP |
---|
86 | .B D |
---|
87 | indicates that the archived log files should be labelled with the date |
---|
88 | when the file was turned over, in the format ``logfile.YYYYMMDD'', |
---|
89 | instead of using the usual sequence ``logfile.0'', ``logfile.1''... |
---|
90 | .PP |
---|
91 | Other flags relating to the processing of the files can be defined in |
---|
92 | the file, but one default definition is provided for compatibility: |
---|
93 | .TP |
---|
94 | .B Z |
---|
95 | will compress the archive files to save space using |
---|
96 | .IR compress . |
---|
97 | This option can be redefined, but the re-definition must appear before |
---|
98 | the first log file description line. |
---|
99 | .PP |
---|
100 | It is possible to specify multiple filtering flags for a single log |
---|
101 | file. In this case, the commands will be executed in order they are |
---|
102 | listed in the |
---|
103 | .I flags |
---|
104 | field. |
---|
105 | .SS Filtering and post-processing command definitions |
---|
106 | It is possible to define additional flags that describe various |
---|
107 | operations which should be performed on the archived log file. |
---|
108 | Possible uses for this include defining flags that perform compression |
---|
109 | or generation of daily service reports. The definitions of the |
---|
110 | filtering commands consist of: |
---|
111 | .br |
---|
112 | the keyword |
---|
113 | .RB `` filter '' |
---|
114 | .br |
---|
115 | flag letter |
---|
116 | .br |
---|
117 | extension added by this filter (optional) |
---|
118 | .br |
---|
119 | program to be executed |
---|
120 | .br |
---|
121 | command-line arguments (optional) |
---|
122 | .PP |
---|
123 | The |
---|
124 | .I flag letter |
---|
125 | is a character which will be used to refer to this kind of filtering |
---|
126 | in the log file description lines. The character is case-insensitive. |
---|
127 | Flags must be defined before they are used in a log file description. |
---|
128 | .PP |
---|
129 | The |
---|
130 | .I extension |
---|
131 | field describes the filename extension which will be added by this |
---|
132 | filter (for example, ``.Z''). If the field is present, it must start |
---|
133 | with a ``.'' and contain no whitespace. If a filter doesn't change |
---|
134 | the filename, this option should be omitted. |
---|
135 | .PP |
---|
136 | .\" *** The following lines are relevant if USE_EXECVP is defined. |
---|
137 | The |
---|
138 | .I program |
---|
139 | field should be the name of the executable to be run. If the name is |
---|
140 | not a pathname (ie. if it does not contain a slash), the path |
---|
141 | specified by the environment variable PATH is searched for an |
---|
142 | occurrence of |
---|
143 | .IR program . |
---|
144 | .\" *** The following lines are relevant if USE_EXECVP is not defined. |
---|
145 | .\" The |
---|
146 | .\" .I program |
---|
147 | .\" field should be a full path to the executable to be run. No path |
---|
148 | .\" search will be performed. |
---|
149 | .\" *** |
---|
150 | .PP |
---|
151 | .I Command line arguments |
---|
152 | will be passed to the filtering program. The name of the logfile will |
---|
153 | be passed as the last argument, after all the arguments specified in |
---|
154 | the definition. For instance, if the definition is |
---|
155 | .RB `` filter |
---|
156 | .B Z .Z /usr/ucb/compress |
---|
157 | .BR -f '', |
---|
158 | the command that will be executed is |
---|
159 | .I /usr/ucb/compress -f |
---|
160 | .IR logfile.0 . |
---|
161 | .PP |
---|
162 | It is possible to specify multiple filtering flags for a single log |
---|
163 | file. In this case, the commands will be executed in order their |
---|
164 | flags are specified. |
---|
165 | .SS Description of processes to restart |
---|
166 | It is possible to define additional flags that describe processes that |
---|
167 | should be restarted when the logfile is turned over by sending them a |
---|
168 | signal. The processes may be specified either by pid file name, |
---|
169 | using ``signal,'' or by process name, using ``signame.'' (The latter |
---|
170 | is currently available on SGI only.) |
---|
171 | .PP |
---|
172 | By default (if no signal flags are specified), a HUP signal |
---|
173 | is sent to the process specified by |
---|
174 | .IR /etc/syslog.pid , |
---|
175 | which is presumably the running |
---|
176 | .IR syslogd . |
---|
177 | On the SGI, the HUP signal is sent to the process named ``syslogd,'' |
---|
178 | as that platform has no |
---|
179 | .IR syslog.pid |
---|
180 | file. |
---|
181 | .PP |
---|
182 | The flag definitions have the following fields: |
---|
183 | .br |
---|
184 | the keyword |
---|
185 | .RB `` signal '' |
---|
186 | (or |
---|
187 | .RB `` signame '' ) |
---|
188 | .br |
---|
189 | flag letter |
---|
190 | .br |
---|
191 | pidident specifying the pid file (or name of process) |
---|
192 | .br |
---|
193 | signal (optional) |
---|
194 | .PP |
---|
195 | The |
---|
196 | .I flag letter |
---|
197 | is a character which will be used to refer to this pidident and signal |
---|
198 | in the log file description lines. The character is case-insensitive. |
---|
199 | Flags must be defined before they are used in a log file description. |
---|
200 | .PP |
---|
201 | For the ``signal'' keyword, the |
---|
202 | .I pidident |
---|
203 | is the name of a file which must contain, on the first line, the |
---|
204 | process ID (in ASCII decimal representation) of the process to which a |
---|
205 | signal should be sent. For the ``signame'' keyword, it is the name of |
---|
206 | the process to be signaled. |
---|
207 | .PP |
---|
208 | It is possible to specify the |
---|
209 | .I signal |
---|
210 | which will be sent either by its symbolic name or numerically. If |
---|
211 | this field is omitted, HUP is used. Note that the same signal will |
---|
212 | often have different numbers on various versions of UNIX, so use of |
---|
213 | symbolic names is encouraged. The available signal names include |
---|
214 | .\" I commented out all signals which are very unlikely to be useful... " |
---|
215 | .BR HUP , |
---|
216 | .BR INT , |
---|
217 | .BR QUIT , |
---|
218 | .\" .BR ILL ," |
---|
219 | .BR ABRT , |
---|
220 | .BR FPE , |
---|
221 | .BR KILL , |
---|
222 | .\".BR BUS ," |
---|
223 | .\".BR SEGV ," |
---|
224 | .\".BR PIPE ," |
---|
225 | .BR ALRM , |
---|
226 | .BR TERM , |
---|
227 | .BR USR1 , |
---|
228 | .BR USR2 , |
---|
229 | .\".BR CHLD ," |
---|
230 | .BR PWR , |
---|
231 | .BR STOP |
---|
232 | and |
---|
233 | .\".BR TSTP ," |
---|
234 | .BR CONT , |
---|
235 | .\".BR TTIN ," |
---|
236 | .\".BR TTOU ," |
---|
237 | assuming they are implemented by the operating system. Note that some |
---|
238 | of these signals have special meaning to the operating system or |
---|
239 | certain application programs, and may not do what you want (ABRT, |
---|
240 | KILL, ALRM, STOP and CONT are likely offenders). |
---|
241 | .PP |
---|
242 | Each specified process will be restarted exactly once, unless none of |
---|
243 | the log files it is connected to are actually turned over. The order |
---|
244 | in which the logfiles are turned over is unspecified and shouldn't be |
---|
245 | relied upon. It is possible to specify multiple signal flags for a |
---|
246 | single log file. |
---|
247 | .SH EXAMPLES |
---|
248 | Adding the following line to the configuration file line makes |
---|
249 | .I newsyslog |
---|
250 | roll over |
---|
251 | .I /usr/spool/mqueue/syslog |
---|
252 | if it is longer than 50KB, keeping the most recent 5 logfiles with |
---|
253 | file mode of 644 (and restarting |
---|
254 | .I syslogd |
---|
255 | in the process): |
---|
256 | .RS |
---|
257 | .B /usr/spool/mqueue/syslog 644 5 50 * |
---|
258 | .RE |
---|
259 | .PP |
---|
260 | To also compress the logfiles and insure they are owned by user and group |
---|
261 | .IR daemon , |
---|
262 | one would use |
---|
263 | .RS |
---|
264 | \fB/usr/spool/mqueue/syslog daemon.daemon 644 5 50 * Z\fR |
---|
265 | .RE |
---|
266 | .PP |
---|
267 | Compressing the logfiles using |
---|
268 | .I gzip --best -f |
---|
269 | .RI < filename > |
---|
270 | instead of |
---|
271 | .I compress -f |
---|
272 | .RI < filename > |
---|
273 | can be done as follows, assuming |
---|
274 | .I gzip |
---|
275 | is installed as |
---|
276 | .IR /usr/local/bin/gzip : |
---|
277 | .RS |
---|
278 | \fBfilter G .gz /usr/local/bin/gzip --best -f |
---|
279 | .br |
---|
280 | /usr/spool/mqueue/syslog daemon.daemon 644 5 50 * G\fR |
---|
281 | .RE |
---|
282 | .PP |
---|
283 | Multiple filters can be applied to the same file, and they will get |
---|
284 | executed in the same order in which their flags are specified. Notice |
---|
285 | that the flags used in this example are |
---|
286 | .RB `` SG '' |
---|
287 | and not |
---|
288 | .RB `` GS '', |
---|
289 | because generating the digest must be done before compression! |
---|
290 | .RS |
---|
291 | \fBfilter G .gz /usr/local/bin/gzip --best -f |
---|
292 | .br |
---|
293 | filter S /usr/local/bin/sulog-digest bert@mit.edu |
---|
294 | .br |
---|
295 | /usr/adm/sulog 600 1 10 * SG\fR |
---|
296 | .RE |
---|
297 | .PP |
---|
298 | All of the previous examples restart the |
---|
299 | .I syslogd |
---|
300 | when a logfile is turned over, but you can specify any program which |
---|
301 | specifies a pidfile instead. For instance, if you are running a |
---|
302 | .I httpd |
---|
303 | which can be restarted by sending it a HUP signal, and you want to |
---|
304 | keep a large number of old 50KB logfiles with filenames like |
---|
305 | ``access.log.19951201.gz'' (indicating that the logfile was turned |
---|
306 | over on December 1, 1995), the logs can be turned over something like |
---|
307 | this: |
---|
308 | .RS |
---|
309 | \fBsignal W /var/httpd/httpd.pid HUP |
---|
310 | .br |
---|
311 | filter G .gz /usr/local/bin/gzip --best -f |
---|
312 | .br |
---|
313 | filter H /usr/local/bin/http-digest bert@mit.edu |
---|
314 | .br |
---|
315 | /var/httpd/access.log www.web 644 1000 50 * DHGW |
---|
316 | .br |
---|
317 | /var/httpd/error.log www.web 644 1000 50 * DHGW\fR |
---|
318 | .RE |
---|
319 | .PP |
---|
320 | Binary files such as |
---|
321 | .I /usr/adm/wtmp |
---|
322 | should be tagged with a |
---|
323 | .B B |
---|
324 | flag to prevent |
---|
325 | .I newsyslog |
---|
326 | from adding text messages to the file: |
---|
327 | .RS |
---|
328 | \fB/usr/adm/wtmp 644 3 50 * B\fR |
---|
329 | .RE |
---|
330 | .SH FILES |
---|
331 | /etc/athena/newsyslog.conf |
---|
332 | .SH "SEE ALSO" |
---|
333 | newsyslog(8), syslogd(8), compress(1), chmod(1), chown(1) |
---|